The national agency expressed concern that personal data in the personalized farecard system can be accessed by too many different persons and will be on file for too long a period.

The Data Protection Inspectorate said Wednesday that they have agreed that Tallinn city is to provide written explanations at the beginning of next week or face possible sanctions.

The Inspectorate's adviser Stiina Liivrand told uudised.err.ee that a meeting with city officials will take place next week after the explanations are received. Sanctions could be applied if the matter is not resolved, she said.

"The temporary closure of the systems is possible, and we also consider it possible to demand deletion of collected data," said Liivrand. In December, the Data Protection Inspectorate withheld approval for the farecard dataset, saying they did not understand why the data in the set had to be retained for seven years and accessed by a wide range of parties.

The data include passengers' names, addresses, personal ID code, and information on the person who bought the ticket, grounds for discount, itinerary and e-mail address and telephone number. Tallinn Transport Department head Andres Harjo was cited by uudised.err.ee as saying that the data are needed for keeping records on the ticket sales if the customers request information at a later date.

The seven-year retention period, he said, was in line with accounting requirements, which also set forth a seven-year term. The city made the full transition to the new system on January 1, but started using the dataset earlier. That was before it applied for permission from the Inspectorate.